!
! template: bgpd/templates/general/policies.conf.j2
!
!
ip prefix-list DEFAULT_IPV4 permit 0.0.0.0/0
ipv6 prefix-list DEFAULT_IPV6 permit ::/0
!
{% if constants.bgp.allow_list is defined and constants.bgp.allow_list.enabled is defined and constants.bgp.allow_list.enabled and constants.bgp.allow_list.drop_community is defined %}
!
!
! please don't remove. 65535 entries are default rules
! which works when allow_list is enabled, but new configuration
! is not applied
!
{%   if allow_list_default_action == 'deny' %}
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535
  set community no-export additive
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535
  set community no-export additive
{%   else %}
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V4 permit 65535
  set community {{ constants.bgp.allow_list.drop_community }} additive
!
route-map ALLOW_LIST_DEPLOYMENT_ID_0_V6 permit 65535
  set community {{ constants.bgp.allow_list.drop_community }} additive
{%   endif %}
!
bgp community-list standard allow_list_default_community permit no-export
bgp community-list standard allow_list_default_community permit {{ constants.bgp.allow_list.drop_community }}
!
route-map FROM_BGP_PEER_V4 permit 10
  call ALLOW_LIST_DEPLOYMENT_ID_0_V4
  on-match next
!
route-map FROM_BGP_PEER_V4 permit 11
  match community allow_list_default_community
{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] %}
{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %}
  on-match next
!
route-map FROM_BGP_PEER_V4 permit 12
  match ip address prefix-list DEFAULT_IPV4
!
route-map FROM_BGP_PEER_V4 permit 13
{% if CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] != 'chassis-packet' %}
  set tag {{ constants.bgp.route_do_not_send_appdb_tag }}
{% else %}
  set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }}
{% endif %}
  set community {{ constants.bgp.internal_fallback_community }} additive
{% endif %}
{% endif %}
!
route-map FROM_BGP_PEER_V6 permit 10
  call ALLOW_LIST_DEPLOYMENT_ID_0_V6
  on-match next
!
route-map FROM_BGP_PEER_V6 permit 11
  match community allow_list_default_community
{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] %}
{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %}
  on-match next
!
route-map FROM_BGP_PEER_V6 permit 12
  match ipv6 address prefix-list DEFAULT_IPV6
!
route-map FROM_BGP_PEER_V6 permit 13
{% if CONFIG_DB__DEVICE_METADATA['localhost']['switch_type'] != 'chassis-packet' %}
  set tag {{ constants.bgp.route_do_not_send_appdb_tag }}
{% else %}
  set tag {{ constants.bgp.route_eligible_for_fallback_to_default_tag }}
{% endif %}
  set community {{ constants.bgp.internal_fallback_community }} additive
{% endif %}
{% endif %}
!
{% endif %}
!
!
!
route-map FROM_BGP_PEER_V4 permit 100
!
route-map TO_BGP_PEER_V4 permit 100
  call CHECK_IDF_ISOLATION
!
!
route-map FROM_BGP_PEER_V6 permit 1
 on-match next
 set ipv6 next-hop prefer-global
!
route-map FROM_BGP_PEER_V6 permit 100
!
route-map TO_BGP_PEER_V6 permit 100
  call CHECK_IDF_ISOLATION
!
route-map CHECK_IDF_ISOLATION permit 10
!
!
!
{% if CONFIG_DB__DEVICE_METADATA and 'localhost' in CONFIG_DB__DEVICE_METADATA and 'type' in CONFIG_DB__DEVICE_METADATA['localhost'] and 'subtype' in CONFIG_DB__DEVICE_METADATA['localhost'] %}
{% if CONFIG_DB__DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and CONFIG_DB__DEVICE_METADATA['localhost']['subtype'] == 'UpstreamLC' %}
bgp community-list standard ANCHOR_ROUTE_COMMUNITY permit {{ constants.bgp.anchor_route_community }}
bgp community-list standard LOCAL_ANCHOR_ROUTE_COMMUNITY permit {{ constants.bgp.local_anchor_route_community }}
bgp community-list standard ANCHOR_CONTRIBUTING_ROUTE_COMMUNITY permit {{ constants.bgp.anchor_contributing_route_community }}
!
route-map SELECTIVE_ROUTE_DOWNLOAD_V4 deny 10
  match community LOCAL_ANCHOR_ROUTE_COMMUNITY
!
route-map SELECTIVE_ROUTE_DOWNLOAD_V4 permit 1000
!
route-map SELECTIVE_ROUTE_DOWNLOAD_V6 deny 10
  match community LOCAL_ANCHOR_ROUTE_COMMUNITY
!
route-map SELECTIVE_ROUTE_DOWNLOAD_V6 permit 1000
!
route-map TAG_ANCHOR_COMMUNITY permit 10
  set community {{ constants.bgp.local_anchor_route_community }} {{ constants.bgp.anchor_route_community }} additive
!
route-map TO_BGP_PEER_V6 permit 30
  match ipv6 address prefix-list ANCHOR_CONTRIBUTING_ROUTES
  set community {{ constants.bgp.anchor_contributing_route_community }} additive
  on-match next
!
route-map TO_BGP_PEER_V6 permit 40
  set comm-list LOCAL_ANCHOR_ROUTE_COMMUNITY delete
!
route-map TO_BGP_PEER_V4 permit 30
  match ipv6 address prefix-list ANCHOR_CONTRIBUTING_ROUTES
  set community {{ constants.bgp.anchor_contributing_route_community }} additive
  on-match next
!
route-map TO_BGP_PEER_V4 permit 40
  set comm-list LOCAL_ANCHOR_ROUTE_COMMUNITY delete
!
{% endif %}
{% endif %}
! end of template: bgpd/templates/general/policies.conf.j2
!
